[Security] #[CurrentUser] argument should resolve to null when it is anonymous

Robin Chalas 2021-02-23 23:49:04 +01:00
parent 5028aaf542
commit 8d3078dd35
2 changed files with 14 additions and 6 deletions


@ -35,12 +35,9 @@ final class UserValueResolver implements ArgumentValueResolverInterface
public function supports(Request $request, ArgumentMetadata $argument): bool public function supports(Request $request, ArgumentMetadata $argument): bool
{ {
if ($argument->getAttribute() instanceof CurrentUser) { // with the attribute, the type can be any UserInterface implementation
return true; // otherwise, the type must be UserInterface
} if (UserInterface::class !== $argument->getType() && !$argument->getAttribute() instanceof CurrentUser) {
// only security user implementations are supported
if (UserInterface::class !== $argument->getType()) {
return false; return false;
} }
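Review bot: The new condition in supports() skips the type check entirely whenever #[CurrentUser] is present, although the comment above it says the type can be any UserInterface implementation; nothing visible in this hunk enforces that. An argument declared with an unrelated type, or with a user class different from the one held by the token, would still be claimed by this resolver and would presumably fail with a TypeError when the controller is invoked, instead of with a clear access-denied response. Consider keeping a guard on the attribute path, for example `if (null !== $argument->getType() && !is_a($argument->getType(), UserInterface::class, true)) { return false; }`, and comparing the resolved user with the declared type in the part of supports() that lies outside this hunk. Writing the negation as `!($argument->getAttribute() instanceof CurrentUser)` would also make the operator precedence obvious to the next reader.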


@ -83,6 +83,17 @@ class UserValueResolverTest extends TestCase
$this->assertSame([$user], iterator_to_array($resolver->resolve(Request::create('/'), $metadata))); $this->assertSame([$user], iterator_to_array($resolver->resolve(Request::create('/'), $metadata)));
} }
public function testResolveWithAttributeAndNoUser()
{
$tokenStorage = new TokenStorage();
$tokenStorage->setToken(new UsernamePasswordToken('username', 'password', 'provider'));
$resolver = new UserValueResolver($tokenStorage);
$metadata = new ArgumentMetadata('foo', null, false, false, null, false, new CurrentUser());
$this->assertFalse($resolver->supports(Request::create('/'), $metadata));
}
public function testIntegration() public function testIntegration()
{ {
$user = $this->createMock(UserInterface::class); $user = $this->createMock(UserInterface::class);
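Review bot: testResolveWithAttributeAndNoUser stores a UsernamePasswordToken whose user is the string 'username', so it covers a token without a user object but not an empty token storage, and it only asserts on supports(). Since the commit is about an anonymous visitor receiving null, add an assertion against a fresh storage, e.g. `$this->assertFalse((new UserValueResolver(new TokenStorage()))->supports(Request::create('/'), $metadata));`. A case with a nullable argument showing that the controller really receives null would pin the behaviour the title promises. The test class continues outside this hunk.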